diff options
author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2024-04-29 16:28:03 -0400 |
---|---|---|
committer | Jarkko Sakkinen <jarkko@kernel.org> | 2024-05-09 22:30:51 +0300 |
commit | 699e3efd6c645c741ea4d6d58282c56b6d108cf7 (patch) | |
tree | d18c0bf357bbef9fc5adfc6bfd51cc3a4a4aa769 /drivers/char/tpm/Kconfig | |
parent | 033ee84e5f01c86997cde29947805e9781ddf233 (diff) |
tpm: Add HMAC session start and end functions
Add session based HMAC authentication plus parameter decryption and
response encryption using AES. The basic design is to segregate all
the nasty crypto, hash and hmac code into tpm2-sessions.c and export a
usable API. The API first of all starts off by gaining a session with
tpm2_start_auth_session() which initiates a session with the TPM and
allocates an opaque tpm2_auth structure to handle the session
parameters. The design is that session use will be single threaded
from start to finish under the ops lock, so the tpm2_auth structure is
stored in struct tpm2_chip to simpify the externally visible API.
The session can be ended with tpm2_end_auth_session() which is
designed only to be used in error legs. Ordinarily the further
session API (future patches) will end or continue the session
appropriately without having to call this.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> # crypto API parts
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Diffstat (limited to 'drivers/char/tpm/Kconfig')
-rw-r--r-- | drivers/char/tpm/Kconfig | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig index c3996786f9bf..e63a6a17793c 100644 --- a/drivers/char/tpm/Kconfig +++ b/drivers/char/tpm/Kconfig @@ -30,6 +30,8 @@ if TCG_TPM config TCG_TPM2_HMAC bool "Use HMAC and encrypted transactions on the TPM bus" default y + select CRYPTO_ECDH + select CRYPTO_LIB_AESCFB select CRYPTO_LIB_SHA256 help Setting this causes us to deploy a scheme which uses request |